Facebook or other Social Media phishing scams.

People often do not realize how little information someone needs in order to use it with malicious intent. This is why it’s important to safeguard your personal information as much as possible.

Almost all of us have an online presence these days, whether it’s Facebook, LinkedIn, Twitter, etc. Knowing how to best protect yourself, or how to deal with a situation when it comes up, is key to staying safe online. In this case we will be looking at Facebook, but the general rules apply across all platforms.

Recently a friend’s Facebook account appeared to be hacked, but it wasn’t. What did happen is that someone created a new Facebook account and used his name AND his profile picture and his cover picture. If you have a Facebook account, then you most likely have a picture of yourself as your profile picture and maybe another picture of you and family as a cover photo.

Those pictures are publicly accessible, which means that anyone, anywhere in the world, can see those pictures AND download them. Your name is also publicly accessible, and Facebook’s name policy requires that you use your real name, or your account could be suspended.

Now that the scammer has this fake Facebook account, they can use it to start friending your friends and family. In this case they told his friends that he had mistakenly unfriended them and asked them to accept the new invite, and some of them did. Luckily, some of them were suspicious enough to call him and tell him what was happening. Had he not caught it in time, the next step a scammer typically takes is to start sending messages to your friends. They will make up a story, as you, saying that they are stuck somewhere, lost their wallet, and need you to somehow get some amount of money to them so that they can make it home, or something similar.

So far, the scammer has used only public information, so what can you do to prevent this from happening? How believable their story is can be the difference between one of your friends sending cash and calling you to see what’s going on. This is where keeping your personal information private is key.

If you often post online where you are and what you’re doing, AND you post publicly OR allow Friends of Friends to see your posts, then the scammer can just look and see what you’ve been up to. For example, let’s say you often travel to a particular city, go to your favorite restaurant, and post about it online. The scammer now has some great details for making up a story that could trick someone.

Think everyone in your friends list can’t be fooled? The FTC reported that in 2018 three million people reported losing a total of $1.48 billion, a 38% increase from 2017. Get this: 43% of those scammed were in their 20s. One of the top three ways they got scammed was by impostors!

Here is what you can do to make yourself a difficult target. Some of these guidelines may not be a fit for you, but the more you do here, the safer you will be. Items 2-7 are in Facebook’s privacy settings, which you reach in different ways depending on which Facebook interface you are using.

  1. Don’t post things publicly, or maybe not even to your entire friends list.
  2. If you already have a lot of public posts, you can easily change all of them by going to “Limit Past Posts”. This will switch all old posts to Friends only.
  3. Change who can see your future posts to Friends or to another group you may have.
  4. Change “Who can see your Friends list?” to at least “Friends”, maybe to another group or to “Only me”, but never Public. This prevents a scammer from friending all of your friends and makes it harder for them to look legit.
  5. Change “Who can look you up using the email address you provided?” to Only Me. Your email address is all over the internet; it just is. Don’t make it easy for the scammers to find you. Check Have I Been Pwned to see if and where your email address has been involved in any data breaches.
  6. Change “Who can look you up using the phone number you provided?” to Only Me.
  7. Change “Do you want search engines outside of Facebook to link to your profile?” to No.
  8. The About section of Facebook is also Public.  Limit the amount of information you have in About.  Remember the less info a scammer has the harder it is for them to pull it off.

It’s also good practice to use strong passwords and turn on Two Factor Authentication; this can be done in the Security and Login section of your Facebook settings page.

Never, ever send money to friends or family, anywhere or by any means, without speaking to them on the phone and confirming their problem is real. Never send money to anyone you don’t know. If someone says they are calling from your insurance office, a debt collector, a debt forgiveness program, your doctor’s office, etc., hang up, Google the office they claimed to be calling from, and call them back on that number. You may find that their office didn’t call you. Also make sure the number you found through Google is the correct number for the company by verifying the domain name in the address bar of your browser; more about that here.

If this has happened to you or someone you know on Facebook:

  1. Do not friend the person. Accepting the request makes their fake account look more real to other friends, who may be more susceptible than you.
  2. Report the profile. If you are looking at the fake profile, there should be 3 dots; click them, then click “Find support or report profile”, select “Fake Account”, and click Next. Follow the instructions on screen.
  3. Call your friend and let them know what is happening so they can post something on Facebook letting others know not to accept the friend request or correspond with the fake account in any way.

Doing the above will help make you safer online.  Also check out our article on Password Managers.